CVE-2016-5582
First published: Sun Oct 16 2016(Updated: )
It was discovered that the Hotspot component of OpenJDK did not check types of System.arraycopy() function arguments src and dest in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's memory and bypass Java sandbox restrictions.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle JDK 6 | =1.6.0-update121 | |
| Oracle JDK 6 | =1.7.0-update111 | |
| Oracle JDK 6 | =1.8.0-update101 | |
| Oracle JDK 6 | =1.8.0-update102 | |
| Oracle Java Runtime Environment (JRE) | =1.6.0-update121 | |
| Oracle Java Runtime Environment (JRE) | =1.7.0-update111 | |
| Oracle Java Runtime Environment (JRE) | =1.8.0-update101 | |
| Oracle Java Runtime Environment (JRE) | =1.8.0-update102 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA
- http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/rev/a3ede966ecfe
- https://rhn.redhat.com/errata/RHSA-2016-2079.html
- https://rhn.redhat.com/errata/RHSA-2016-2088.html
- https://rhn.redhat.com/errata/RHSA-2016-2090.html
- https://rhn.redhat.com/errata/RHSA-2016-2089.html
- https://rhn.redhat.com/errata/RHSA-2016-2658.html
- https://rhn.redhat.com/errata/RHSA-2017-0061.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1385402
- http://rhn.redhat.com/errata/RHSA-2016-2079.html
- http://rhn.redhat.com/errata/RHSA-2016-2088.html
- http://rhn.redhat.com/errata/RHSA-2016-2089.html
- http://rhn.redhat.com/errata/RHSA-2016-2090.html
- http://rhn.redhat.com/errata/RHSA-2016-2658.html
- http://rhn.redhat.com/errata/RHSA-2017-0061.html
- http://www.debian.org/security/2016/dsa-3707
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.securityfocus.com/bid/93623
- http://www.securitytracker.com/id/1037040
- http://www.ubuntu.com/usn/USN-3130-1
- http://www.ubuntu.com/usn/USN-3154-1
- https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
- https://security.gentoo.org/glsa/201611-04
- https://security.gentoo.org/glsa/201701-43
- https://security.netapp.com/advisory/ntap-20161019-0001/
- https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E
Frequently Asked Questions
What is the severity of CVE-2016-5582?
CVE-2016-5582 has a severity rating of high due to the potential for memory corruption and exploitation.
How do I fix CVE-2016-5582?
To fix CVE-2016-5582, users should update to the latest versions of Oracle JDK and JRE that address this vulnerability.
Which versions of JDK are affected by CVE-2016-5582?
CVE-2016-5582 affects Oracle JDK versions 1.6.0-update121, 1.7.0-update111, and 1.8.0-update101 and 1.8.0-update102.
Can CVE-2016-5582 be exploited remotely?
Yes, CVE-2016-5582 can be exploited remotely through an untrusted Java application or applet.
What are the potential consequences of exploiting CVE-2016-5582?
Exploiting CVE-2016-5582 could lead to memory corruption and allow attackers to bypass Java sandbox restrictions.
- collector/redhat-bugzilla
- alias/CVE-2016-5582
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/oracle
- canonical/oracle jdk 6
- version/oracle jdk 6/1.6.0-update121
- version/oracle jdk 6/1.7.0-update111
- version/oracle jdk 6/1.8.0-update101
- version/oracle jdk 6/1.8.0-update102
- canonical/oracle java runtime environment (jre)
- version/oracle java runtime environment (jre)/1.6.0-update121
- version/oracle java runtime environment (jre)/1.7.0-update111
- version/oracle java runtime environment (jre)/1.8.0-update101
- version/oracle java runtime environment (jre)/1.8.0-update102